Vulnerabilities in n/a
159,602 results

CVE-2023-34362 | CRITICAL | EPSS 99.9% | KEV
In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL

CVE-2022-29303 | CRITICAL | EPSS 99.9% | KEV
SolarView Compact ver.6.00 was discovered to contain a command injection vulnerability via conf_mail.php.

CVE-2015-1427 | CRITICAL | EPSS 99.9% | KEV
The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection me

CVE-2018-0296 | HIGH | EPSS 99.9% | KEV
A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause

CVE-2021-22986 | CRITICAL | EPSS 99.9% | KEV
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3

CVE-2014-0497 | HIGH | EPSS 99.9% | KEV
Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 1

CVE-2021-33044 | CRITICAL | EPSS 99.9% | KEV
The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity

CVE-2021-36260 | CRITICAL | EPSS 99.9% | KEV
A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploi

CVE-2021-44515 | CRITICAL | EPSS 99.9% | KEV
Zoho ManageEngine Desktop Central is vulnerable to authentication bypass, leading to remote code execution on the server, as exploited in th

CVE-2015-4000 | LOW | EPSS 99.9%
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_E

CVE-2021-35394 | CRITICAL | EPSS 99.9% | KEV
Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic tool called 'MP Daemon' that is usually compiled as 'UDPServer' binary.

CVE-2020-13379 | — | EPSS 99.9%
The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated

CVE-2021-37415 | CRITICAL | EPSS 99.9% | KEV
Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authenticatio

CVE-2017-8917 | — | EPSS 99.8%
SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2017-7269 | CRITICAL | EPSS 99.8% | KEV
Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows S

CVE-2012-1459 | — | EPSS 99.8%
The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8

CVE-2020-7961 | CRITICAL | EPSS 99.8% | KEV
Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web ser

CVE-2016-6277 | HIGH | EPSS 99.8% | KEV
NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before

CVE-2019-15107 | CRITICAL | EPSS 99.8% | KEV
An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability.

CVE-2022-47966 | CRITICAL | EPSS 99.8% | KEV
Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache San